logo标签列表

使用基本身份验证的Webclient / HttpWebRequest返回404未找到有效URL

c#.net
62

编辑:我想回来说明一下,问题根本不是出在我这边,而是对方公司代码的问题。

我正在尝试使用基本认证来加载一个页面。然而我一直收到404页面未找到的错误。如果我将url复制粘贴到浏览器中,它可以正常工作(如果我没有登录到他们的网站,它会弹出凭据框,否则它会打开我想要打开的内容)。我一定是到达了正确的位置并进行了身份验证,因为如果我故意输入错误的用户名/密码,我会得到401(未经身份验证的错误),如果我在查询字符串中传递了错误的参数,我会得到内部服务器错误500。我已经尝试使用Webclient和HttpWebRequest两种方法,都导致相同的404未找到错误。

使用Webclient:

string url = "MyValidURLwithQueryString";
WebClient client = new WebClient();
String userName = "myusername";
String passWord = "mypassword";
string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(userName + ":" + passWord));
client.Headers[HttpRequestHeader.Authorization] = "Basic " + credentials;
var result = client.DownloadString(url);
Response.Write(result);

使用 HttpWebRequest

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("MyValidURL");
string authInfo = "username:password";
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
request.Headers.Add("Authorization", "Basic " + authInfo);
request.Credentials = new NetworkCredential("username", "password");
request.Method = WebRequestMethods.Http.Get;
request.AllowAutoRedirect = true;
request.Proxy = null;
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream stream = response.GetResponseStream();
StreamReader streamreader = new StreamReader(stream);
string s = streamreader.ReadToEnd();
Response.Write(s);
2
使用Fiddler,通过浏览器登录到您的网站并查看浏览器发送的标头/正文。我猜,您还应该设置UserAgent - I4V
请求头信息在 Fiddler 中看起来是正确的,我也尝试从之前查看过的帖子中设置 UserAgent,这个帖子建议了同样的做法。 - Josh Blade
404错误不是来自WebClient - 它来自服务器。服务器不喜欢你的程序中的某些东西,但却喜欢浏览器中的某些东西。使用Fiddler使您的WebClient看起来与浏览器完全相同。 - John Saunders
Refer: https://dev59.com/C1jUa4cB1Zd3GeqPSIM3 - Healer
在这里找到了非常好的解决方案 链接 - sairfan
4个回答
126
//BEWARE
//This works ONLY if the server returns 401 first
//The client DOES NOT send credentials on first request
//ONLY after a 401
client.Credentials = new NetworkCredential(userName, passWord); //doesnt work

//So use THIS instead to send credentials RIGHT AWAY
string credentials = Convert.ToBase64String(
    Encoding.ASCII.GetBytes(userName + ":" + password));
client.Headers[HttpRequestHeader.Authorization] = string.Format(
    "Basic {0}", credentials);
2
哇!关于@Blake所描述的方法在第二个请求之前不起作用的重要说明。对于这个解决方案表示赞赏。 - Korayem
2
我之前也遇到了类似的问题,这个方法完全解决了它。谢谢! - Paul Mignard
6
如果不使用Encoding.UTF8.GetBytes(),针对像é这样的特殊字符它将无法正常工作。 - Stefanvds
1
@Stefanvds 说得好,但这很冒险。RFC没有指定应使用哪种编码:https://dev59.com/0Ww05IYBdhLWcg3wcRUj - Alex from Jitbit
1
这对于基本授权(Basic Authorization)可以正常工作,但如果我使用强制域(mandatory domain)的Ntlm授权,我该怎么办? - Wajdi Chamakhi
我感到非常惊喜。有很多关于我不太关心的东西的选项,但这个不是。谢谢! - Gerard ONeill
31

尝试将Web客户端请求认证部分更改为:

NetworkCredential myCreds = new NetworkCredential(userName, passWord);
client.Credentials = myCreds;

然后进行您的通话,对我来说似乎很好用。

2
我也尝试设置凭据属性,但是它仍然出现同样的问题。 - Josh Blade
对我来说,两个版本都可以。你的和得票最高的。 - sabiland
13

这段代码对我来说运行良好:

        WebRequest request = WebRequest.Create(url);
        request.Method = WebRequestMethods.Http.Get;
        NetworkCredential networkCredential = new NetworkCredential(logon, password); // logon in format "domain\username"
        CredentialCache myCredentialCache = new CredentialCache {{new Uri(url), "Basic", networkCredential}};
        request.PreAuthenticate = true;
        request.Credentials = myCredentialCache;
        using (WebResponse response = request.GetResponse())
        {
            Console.WriteLine(((HttpWebResponse)response).StatusDescription);

            using (Stream dataStream = response.GetResponseStream())
            {
                using (StreamReader reader = new StreamReader(dataStream))
                {
                    string responseFromServer = reader.ReadToEnd();
                    Console.WriteLine(responseFromServer);
                }
            }
        }
我正在尝试在SSIS 2010中完成以下操作 - //从变量获取URL string url = Dts.Variables["User::URL"].Value.ToString();NetworkCredential networkCredential = new NetworkCredential(string url = Dts.Variables["User::Email"].Value.ToString(), string url = Dts.Variables["User::Password"].Value.ToString()); 请问您能帮忙处理这个凭据代码吗? - Joeysonic
3
如果您在使用浏览器并首次传递用户名和密码时它能够正常工作,则意味着一旦身份验证完成,您的浏览器请求头将设置所需的身份验证值,然后每次向托管服务器发出请求时都会传递这些值。
因此,请从检查请求头开始(可以使用Web开发人员工具进行),一旦确定了头部所需内容,就可以在HttpWebRequest Header中传递此内容。
以下是Digest身份验证的示例:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Net;
using System.IO;

namespace NUI
{
    public class DigestAuthFixer
    {
        private static string _host;
        private static string _user;
        private static string _password;
        private static string _realm;
        private static string _nonce;
        private static string _qop;
        private static string _cnonce;
        private static DateTime _cnonceDate;
        private static int _nc;

public DigestAuthFixer(string host, string user, string password)
{
    // TODO: Complete member initialization
    _host = host;
    _user = user;
    _password = password;
}

private string CalculateMd5Hash(
    string input)
{
    var inputBytes = Encoding.ASCII.GetBytes(input);
    var hash = MD5.Create().ComputeHash(inputBytes);
    var sb = new StringBuilder();
    foreach (var b in hash)
        sb.Append(b.ToString("x2"));
    return sb.ToString();
}

private string GrabHeaderVar(
    string varName,
    string header)
{
    var regHeader = new Regex(string.Format(@"{0}=""([^""]*)""", varName));
    var matchHeader = regHeader.Match(header);
    if (matchHeader.Success)
        return matchHeader.Groups[1].Value;
    throw new ApplicationException(string.Format("Header {0} not found", varName));
}

private string GetDigestHeader(
    string dir)
{
    _nc = _nc + 1;

    var ha1 = CalculateMd5Hash(string.Format("{0}:{1}:{2}", _user, _realm, _password));
    var ha2 = CalculateMd5Hash(string.Format("{0}:{1}", "GET", dir));
    var digestResponse =
        CalculateMd5Hash(string.Format("{0}:{1}:{2:00000000}:{3}:{4}:{5}", ha1, _nonce, _nc, _cnonce, _qop, ha2));

    return string.Format("Digest username=\"{0}\", realm=\"{1}\", nonce=\"{2}\", uri=\"{3}\", " +
        "algorithm=MD5, response=\"{4}\", qop={5}, nc={6:00000000}, cnonce=\"{7}\"",
        _user, _realm, _nonce, dir, digestResponse, _qop, _nc, _cnonce);
}

public string GrabResponse(
    string dir)
{
    var url = _host + dir;
    var uri = new Uri(url);

    var request = (HttpWebRequest)WebRequest.Create(uri);

    // If we've got a recent Auth header, re-use it!
    if (!string.IsNullOrEmpty(_cnonce) &&
        DateTime.Now.Subtract(_cnonceDate).TotalHours < 1.0)
    {
        request.Headers.Add("Authorization", GetDigestHeader(dir));
    }

    HttpWebResponse response;
    try
    {
        response = (HttpWebResponse)request.GetResponse();
    }
    catch (WebException ex)
    {
        // Try to fix a 401 exception by adding a Authorization header
        if (ex.Response == null || ((HttpWebResponse)ex.Response).StatusCode != HttpStatusCode.Unauthorized)
            throw;

        var wwwAuthenticateHeader = ex.Response.Headers["WWW-Authenticate"];
        _realm = GrabHeaderVar("realm", wwwAuthenticateHeader);
        _nonce = GrabHeaderVar("nonce", wwwAuthenticateHeader);
        _qop = GrabHeaderVar("qop", wwwAuthenticateHeader);

        _nc = 0;
        _cnonce = new Random().Next(123400, 9999999).ToString();
        _cnonceDate = DateTime.Now;

        var request2 = (HttpWebRequest)WebRequest.Create(uri);
        request2.Headers.Add("Authorization", GetDigestHeader(dir));
        response = (HttpWebResponse)request2.GetResponse();
    }
    var reader = new StreamReader(response.GetResponseStream());
    return reader.ReadToEnd();
}

然后你可以这样调用它:

DigestAuthFixer digest = new DigestAuthFixer(domain, username, password);
string strReturn = digest.GrabResponse(dir);

如果Url是: http://xyz.rss.com/folder/rss,那么域名是: http://xyz.rss.com(域名部分),目录是:/folder/rss(URL的其余部分)。您还可以将其作为流返回并使用XmlDocument Load()方法。
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接